<?php /* Start (or resume) the session before any markup is sent; $_SESSION['lang'] and $_SESSION['email'] are used further down this page. */ session_start();?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
    <?php
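    require_once "functions.php";

    // Pick the language file for this page. The session value is concatenated
    // into an include path, so it is only accepted when it is a plain token
    // (letters, digits, '_' or '-': no dots, slashes or NUL bytes) and the
    // resulting file exists; anything else falls back to English instead of
    // being handed to require_once.
    // NOTE(review): where $_SESSION['lang'] is assigned is not visible on this
    // page -- confirm it is chosen from a fixed list there as well.
    $signup_lang = 'en';
    if(isset($_SESSION['lang'])
            && is_string($_SESSION['lang'])
            && preg_match('/^[A-Za-z0-9_-]+$/D', $_SESSION['lang'])
            && is_file("./language_files/non_subscribed_signup_" . $_SESSION['lang'] . ".php"))
    {
        $signup_lang = $_SESSION['lang'];
    }
    require_once "./language_files/non_subscribed_signup_" . $signup_lang . ".php";

    ob_start();
    // The action of the submit button is to call the id_viewer function.
    if(isset($_POST['submit']))
    {
        // A missing field is passed on as an empty string rather than read as
        // an undefined index; id_viewer() reports empty fields itself.
        // id_viewer() declares ($password, $confirmpassword) while the
        // confirmation is passed first here; the two values must match before
        // anything is stored.
        $c_pass=mysql_safe(isset($_POST['confirm_password']) ? $_POST['confirm_password'] : '');
        $pass=mysql_safe(isset($_POST['password']) ? $_POST['password'] : '');
        id_viewer($c_pass,$pass);
    }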
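    /**
     * Completes a reviewer sign-up that was started from an e-mailed link.
     *
     * Reads the temporary request id from $_GET['id'], looks up the invited
     * e-mail address in request_on_subscribe, inserts the member row, grants
     * that member the 'reviewer' privilege for the invited conference, deletes
     * the pending request and redirects to main.php?new=1. Status messages are
     * taken from the global $lang array.
     *
     * A value is only stored when both arguments are identical, so the order in
     * which the caller passes them does not affect the result.
     *
     * NOTE(review): the password is written to member.password exactly as it is
     * received. It should be stored as a password_hash() value, with the login
     * path switched to password_verify() in the same change.
     * NOTE(review): every query ends in die(mysql_error()), which shows database
     * error text to the visitor; log it server-side and show a generic message.
     * NOTE(review): ext/mysql was removed in PHP 7. Escaping is used below only
     * because the connection is created outside this page; prepared statements
     * (mysqli or PDO) are the durable fix.
     *
     * @param string $password         one of the two submitted password values
     * @param string $confirmpassword  the other submitted password value
     * @return void
     */
    function id_viewer($password,$confirmpassword)
    {
        global $lang;

        // Both fields must be present and non-empty, and an empty password is
        // never stored.
        if(!isset($_POST['confirm_password']) || !isset($_POST['password'])
                || $_POST['confirm_password'] == null || $_POST['password'] == null
                || $password === null || $password === '')
        {
            echo $lang['message_1'];
            return;
        }

        // The request id comes from the query string and is client-controlled.
        // It is used inside quoted SQL string literals below, so it must be a
        // non-empty string and is escaped before being interpolated.
        // (Message is not translated: the language files are not visible here.)
        if(!isset($_GET['id']) || !is_string($_GET['id']) || $_GET['id'] === '')
        {
            echo 'Invalid or expired sign-up link.';
            return;
        }
        $temp_id=mysql_real_escape_string($_GET['id']);

        // Get the invited e-mail address for this request id.
        $emailtemp=mysql_query("SELECT request_email FROM request_on_subscribe WHERE temp_id = '$temp_id'")
                or die(mysql_error());
        $email=null;
        while($row=mysql_fetch_assoc($emailtemp))
        {
            // NOTE(review): formatText_safe() is defined elsewhere; confirm its
            // output is safe inside a quoted SQL string, because $email is
            // interpolated into the queries below.
            $email=formatText_safe($row['request_email']);
        }

        // No pending request matches the id: stop here. Without this check a
        // member row with an empty e-mail and a privilege row with empty ids
        // would be inserted.
        if($email === null)
        {
            echo 'Invalid or expired sign-up link.';
            return;
        }

        // Pass this e-mail to the other pages.
        // NOTE(review): this is set before the passwords are compared, as in the
        // original -- confirm no other page treats $_SESSION['email'] as proof
        // of a completed sign-up.
        $_SESSION ['email']=$email;

        // Strict comparison: with == two different numeric-looking strings such
        // as "1e3" and "1000" compare equal.
        if($password !== $confirmpassword)
        {
            echo $lang['message_2'];
            return;
        }

        // Insert the user into table member.
        mysql_query("INSERT INTO member(email, password)
                  VALUES ('$email','$password')")
                or die(mysql_error());

        // Get the member id from table member.
        $temp_member_id=mysql_query("Select member_id
                                        from member
                                        where email = '$email'")
                or die(mysql_error());
        while($row=mysql_fetch_assoc($temp_member_id))
        {
            $member_id=$row['member_id'];
        }

        // Get the conference id from the pending request.
        $temp_conference_id=mysql_query("Select conference_id
                                           from request_on_subscribe
                                           where request_email = '$email'")
                or die(mysql_error());
        while($row=mysql_fetch_assoc($temp_conference_id))
        {
            $conference_id=$row['conference_id'];
        }

        // Get the privilege id of the 'reviewer' role.
        $privileges_id_reviewer=mysql_query("SELECT privileges_id from privileges where role = 'reviewer'")
                or die(mysql_error());
        while($row=mysql_fetch_assoc($privileges_id_reviewer))
        {
            $privileges_id=$row['privileges_id'];
        }

        // Grant the reviewer privilege for that conference.
        mysql_query("INSERT INTO Member_Privileges(member_id, privileges_id, conference_id)
                  VALUES ('$member_id','$privileges_id','$conference_id')")
                or die(mysql_error());

        // Delete the pending request so the link cannot be used again.
        mysql_query("DELETE FROM Request_On_Subscribe where temp_id = '$temp_id'") or die(mysql_error());

        // NOTE(review): the DOCTYPE and <html> lines are emitted before
        // ob_start() runs on this page, so this header can only be sent when
        // output buffering is already enabled in php.ini -- confirm, or move
        // the PHP block above the markup.
        header("Location:main.php?new=1");
        // Stop here so the sign-up form is not rendered after the redirect.
        exit;

        // The original ended with mysql_close($con), but $con is not defined in
        // this function's scope, so that call never closed anything; the link
        // is released when the script ends.
    }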
    // Send whatever the handler above echoed and turn off the buffer opened by ob_start().
    ob_end_flush();
    ?>
    <head>        
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
        <meta http-equiv="X-UA-Compatible" content="IE=9" />
        <link href="style3.css" rel="stylesheet" type="text/css" />
        <title></title>
    </head>
    <body onload ="timeMsg() ">

        <h1 style="font-family:arial; text-align:center"><?php echo $lang['sign_up'];?></h1>
        <form method="post" action ="Non_subscribed_signup.php<?php
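    // Carry the request id over to the POST target. The value comes straight
    // from the query string and is written into an HTML attribute, so it is
    // URL-encoded for the query component and HTML-escaped for the attribute;
    // echoing it raw lets a crafted link break out of the action attribute.
    // Array-valued ids (?id[]=...) are ignored.
    if(isset($_GET['id']) && is_string($_GET['id']))
    {
        echo '?id=' . htmlspecialchars(urlencode($_GET['id']), ENT_QUOTES, 'UTF-8');
    }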
    ?>">
            <table>
                <tr>
                    <td>
                        <?php echo $lang['password'];?>
                    </td>
                    <td>
                        <input type ="password" name ="password" maxlength ="30"/>
                    </td>
                </tr>
                <tr>
                    <td>
                        <?php echo $lang['confirm_password'];?>
                    </td>
                    <td>
                        <input type ="password" name ="confirm_password" maxlength ="30"/>
                    </td>
                </tr>
                <tr>
                    <td>
                        <input type ="submit" name ="submit" value ="<?php echo $lang['submit'];?>" id="toDisable" />
                    </td>
                </tr>
            </table>
        </form>
        <script type="text/javascript">
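            /**
             * Starts the 30-minute page timer. Called from the body's onload
             * handler when the page is opened.
             */
            function timeMsg()
            {
                // Pass a function instead of a code string: the string form is
                // evaluated like eval() and is blocked by a Content-Security-Policy
                // that does not allow 'unsafe-eval'. alertMsg is still looked up
                // when the timer fires, as before.
                setTimeout(function () { alertMsg(); }, 1800000); // 1800000 ms = 30 min
            }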
            /**
             * Runs when the page timer expires: disables the submit button and
             * tells the visitor to re-open the page from the e-mailed link.
             *
             * This only affects the button in the browser. NOTE(review): the PHP
             * handler on this page does not check how old the request is, so an
             * expiry of the link would have to be enforced on the server.
             */
            function alertMsg()
            {
                var submitButton = document.getElementById("toDisable");
                submitButton.disabled = true;
                alert('Please re-open the page from the link provided in the mail');
            }

        </script>
    </body>
</html>